On the one hand, regulators want to be able to easily see all the trading data about stock trades. On the other, if you put all the important information in one place, hackers might go after it. What’s a body to do?
“Exchanges Seek Database Delay, Citing Security,” The Wall Street Journal, November 15, 2017 B18. The NYSE and others asked the SEC to delay the start of a new database of sensitive trading information so that they can enhance the security. By adding a CISO, for example.
The SEC hasn’t been a positive model for computer security, and industry has had a few oopsies as well. How does one balance ease of regulatory enforcement and security? Which one is more important? Who’s responsible/liable if there’s an oops?